87ab5fc
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/identity.h.psaa-agent openssh-7.1p2/pam_ssh_agent_auth-0.10.2/identity.h
87ab5fc
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/identity.h.psaa-agent	2014-03-31 19:35:16.000000000 +0200
87ab5fc
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/identity.h	2016-01-22 15:47:15.999919059 +0100
87ab5fc
@@ -38,6 +38,12 @@
87ab5fc
 typedef struct identity Identity;
87ab5fc
 typedef struct idlist Idlist;
87ab5fc
 
87ab5fc
+typedef struct {
87ab5fc
+       int     fd;
87ab5fc
+       Buffer  identities;
87ab5fc
+       int     howmany;
87ab5fc
+}      AuthenticationConnection;
87ab5fc
+
87ab5fc
 struct identity {
87ab5fc
     TAILQ_ENTRY(identity) next;
87ab5fc
     AuthenticationConnection *ac;   /* set if agent supports key */
87ab5fc
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-agent openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c
87ab5fc
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-agent	2016-01-22 15:47:15.998919060 +0100
87ab5fc
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c	2016-01-22 15:53:38.427768239 +0100
87ab5fc
@@ -39,6 +39,7 @@
637556d
 #include "buffer.h"
637556d
 #include "key.h"
637556d
 #include "authfd.h"
637556d
+#include "ssherr.h"
637556d
 #include <stdio.h>
87ab5fc
 #include <openssl/evp.h>
87ab5fc
 #include "ssh2.h"
a9ad706
@@ -285,36 +286,44 @@ pamsshagentauth_find_authorized_keys(con
637556d
 {
87ab5fc
     Buffer session_id2 = { 0 };
637556d
     Identity *id;
637556d
-    Key *key;
637556d
     AuthenticationConnection *ac;
637556d
-    char *comment;
637556d
     uint8_t retval = 0;
87ab5fc
     uid_t uid = getpwnam(ruser)->pw_uid;
73d45fa
+    struct ssh_identitylist *idlist;
a9ad706
+    int r;
a9ad706
+    unsigned int i;
637556d
 
637556d
     OpenSSL_add_all_digests();
87ab5fc
     pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
637556d
 
637556d
     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
87ab5fc
         verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
637556d
-        for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
637556d
+		if ((r = ssh_fetch_identitylist(ac->fd, 2,
637556d
+		    &idlist)) != 0) {
637556d
+			if (r != SSH_ERR_AGENT_NO_IDENTITIES)
637556d
+				fprintf(stderr, "error fetching identities for "
637556d
+				    "protocol %d: %s\n", 2, ssh_err(r));
405790e
+		} else {
637556d
+		for (i = 0; i < idlist->nkeys; i++)
637556d
         {
637556d
-            if(key != NULL) {
637556d
+            if(idlist->keys[i] != NULL) {
637556d
                 id = xcalloc(1, sizeof(*id));
637556d
-                id->key = key;
637556d
-                id->filename = comment;
637556d
+                id->key = idlist->keys[i];
637556d
+                id->filename = idlist->comments[i];
637556d
                 id->ac = ac;
87ab5fc
                 if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
637556d
                     retval = 1;
73d45fa
                 }
73d45fa
-                free(id->filename);
73d45fa
-                key_free(id->key);
73d45fa
                 free(id);
73d45fa
                 if(retval == 1)
637556d
                     break;
637556d
             }
637556d
         }
87ab5fc
         buffer_free(&session_id2);
637556d
-        ssh_close_authentication_connection(ac);
73d45fa
+        ssh_free_identitylist(idlist);
73d45fa
+        ssh_close_authentication_socket(ac->fd);
73d45fa
+        free(ac);
405790e
+        }
637556d
     }
637556d
     else {
637556d
         verbose("No ssh-agent could be contacted");
87ab5fc
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c.psaa-agent openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
87ab5fc
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c.psaa-agent	2016-01-22 15:47:15.995919061 +0100
87ab5fc
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c	2016-01-22 16:06:20.611464261 +0100
87ab5fc
@@ -55,10 +55,11 @@ extern uint8_t  session_id_len;
73d45fa
 int
87ab5fc
 userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
73d45fa
 {
73d45fa
-    Buffer          b = { 0 };
73d45fa
+    Buffer          b;
73d45fa
     char           *pkalg = NULL;
73d45fa
     u_char         *pkblob = NULL, *sig = NULL;
73d45fa
-    u_int           blen = 0, slen = 0;
73d45fa
+    u_int           blen = 0;
73d45fa
+    size_t          slen = 0;
73d45fa
     int             authenticated = 0;
73d45fa
 
73d45fa
     pkalg = (char *) key_ssh_name(id->key);
87ab5fc
@@ -82,7 +83,7 @@ userauth_pubkey_from_id(const char *ruse
637556d
     buffer_put_cstring(&b, pkalg);
637556d
     buffer_put_string(&b, pkblob, blen);
637556d
 
637556d
-    if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
459bd27
+    if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), 0) != 0)
637556d
         goto user_auth_clean_exit;
637556d
 
637556d
     /* test for correct signature */
13073f8
diff --git a/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
13073f8
--- a/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
13073f8
+++ b/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
13073f8
@@ -85,7 +85,7 @@ userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
13073f8
     buffer_put_cstring(&b, pkalg);
13073f8
     buffer_put_string(&b, pkblob, blen);
13073f8
 
13073f8
-    if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), 0) != 0)
13073f8
+    if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) != 0)
13073f8
         goto user_auth_clean_exit;
13073f8
 
13073f8
     /* test for correct signature */
13073f8